diff --git a/scm-core/src/main/java/sonia/scm/repository/Changeset.java b/scm-core/src/main/java/sonia/scm/repository/Changeset.java index 4fb6aa4d6b..914fd8f90a 100644 --- a/scm-core/src/main/java/sonia/scm/repository/Changeset.java +++ b/scm-core/src/main/java/sonia/scm/repository/Changeset.java @@ -355,7 +355,7 @@ public class Changeset extends BasicPropertiesAware implements ModelObject { /** * Sets a collection of signatures which belong to this changeset. * @param signatures collection of signatures - * @since 2.3.0 + * @since 2.4.0 */ public void setSignatures(Collection signatures) { this.signatures = new ArrayList<>(signatures); @@ -364,7 +364,7 @@ public class Changeset extends BasicPropertiesAware implements ModelObject { /** * Returns a immutable list of signatures. * @return signatures - * @since 2.3.0 + * @since 2.4.0 */ public List getSignatures() { return Collections.unmodifiableList(signatures); @@ -373,7 +373,7 @@ public class Changeset extends BasicPropertiesAware implements ModelObject { /** * Adds a signature to the list of signatures. * @param signature - * @since 2.3.0 + * @since 2.4.0 */ public void addSignature(Signature signature) { signatures.add(signature); diff --git a/scm-core/src/main/java/sonia/scm/repository/Signature.java b/scm-core/src/main/java/sonia/scm/repository/Signature.java index 3e67613447..b077793f7b 100644 --- a/scm-core/src/main/java/sonia/scm/repository/Signature.java +++ b/scm-core/src/main/java/sonia/scm/repository/Signature.java @@ -31,14 +31,14 @@ import java.util.Optional; /** * Signature is the output of a signature verification. - * @since 2.3.0 + * @since 2.4.0 */ @Value public class Signature implements Serializable { private static final long serialVersionUID = 1L; - private final String key; + private final String keyId; private final String type; private final boolean verified; private final String owner; diff --git a/scm-core/src/main/java/sonia/scm/security/GPG.java b/scm-core/src/main/java/sonia/scm/security/GPG.java index c2cd6b8177..2fa773c906 100644 --- a/scm-core/src/main/java/sonia/scm/security/GPG.java +++ b/scm-core/src/main/java/sonia/scm/security/GPG.java @@ -29,7 +29,7 @@ import java.util.Optional; /** * Allows signing and verification using gpg. * - * @since 2.3.0 + * @since 2.4.0 */ public interface GPG { diff --git a/scm-core/src/main/java/sonia/scm/security/PrivateKey.java b/scm-core/src/main/java/sonia/scm/security/PrivateKey.java index dc62a4ca74..b1d12582a7 100644 --- a/scm-core/src/main/java/sonia/scm/security/PrivateKey.java +++ b/scm-core/src/main/java/sonia/scm/security/PrivateKey.java @@ -29,7 +29,7 @@ import java.io.InputStream; /** * Can be used to create signatures of data. - * @since 2.3.0 + * @since 2.4.0 */ public interface PrivateKey { diff --git a/scm-core/src/main/java/sonia/scm/security/PublicKey.java b/scm-core/src/main/java/sonia/scm/security/PublicKey.java index 30e3fe1072..734b19afc1 100644 --- a/scm-core/src/main/java/sonia/scm/security/PublicKey.java +++ b/scm-core/src/main/java/sonia/scm/security/PublicKey.java @@ -31,7 +31,7 @@ import java.util.Optional; /** * The public key can be used to verify signatures. * - * @since 2.3.0 + * @since 2.4.0 */ public interface PublicKey { diff --git a/scm-webapp/src/main/java/sonia/scm/security/gpg/DummyGPG.java b/scm-webapp/src/main/java/sonia/scm/security/gpg/DummyGPG.java new file mode 100644 index 0000000000..79c6e516bb --- /dev/null +++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/DummyGPG.java @@ -0,0 +1,58 @@ +/* + * MIT License + * + * Copyright (c) 2020-present Cloudogu GmbH and Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +package sonia.scm.security.gpg; + +import sonia.scm.security.GPG; +import sonia.scm.security.PrivateKey; +import sonia.scm.security.PublicKey; + +import java.util.Collections; +import java.util.Optional; + +/** + * Dummy implementation of {@link GPG} should be replaced soon. + */ +public class DummyGPG implements GPG { + + @Override + public String findPublicKeyId(byte[] signature) { + return "unknown"; + } + + @Override + public Optional findPublicKey(String id) { + return Optional.empty(); + } + + @Override + public Iterable findPublicKeysByUsername(String username) { + return Collections.emptySet(); + } + + @Override + public PrivateKey getPrivateKey() { + throw new UnsupportedOperationException("getPrivateKey is not yet implemented"); + } +} diff --git a/scm-webapp/src/main/java/sonia/scm/security/gpg/GPGModule.java b/scm-webapp/src/main/java/sonia/scm/security/gpg/GPGModule.java new file mode 100644 index 0000000000..c064e54ba7 --- /dev/null +++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/GPGModule.java @@ -0,0 +1,37 @@ +/* + * MIT License + * + * Copyright (c) 2020-present Cloudogu GmbH and Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +package sonia.scm.security.gpg; + +import com.google.inject.AbstractModule; +import sonia.scm.plugin.Extension; +import sonia.scm.security.GPG; + +@Extension +public class GPGModule extends AbstractModule { + @Override + protected void configure() { + bind(GPG.class).to(DummyGPG.class); + } +} diff --git a/scm-webapp/src/main/java/sonia/scm/security/gpg/Keys.java b/scm-webapp/src/main/java/sonia/scm/security/gpg/Keys.java index 7ecbd1d49d..26f2d94403 100644 --- a/scm-webapp/src/main/java/sonia/scm/security/gpg/Keys.java +++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/Keys.java @@ -24,18 +24,13 @@ package sonia.scm.security.gpg; -import org.bouncycastle.bcpg.ArmoredInputStream; -import org.bouncycastle.gpg.keybox.PublicKeyRingBlob; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.bouncycastle.openpgp.PGPUtil; -import org.bouncycastle.openpgp.jcajce.JcaPGPPublicKeyRing; import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator; import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator; -import sonia.scm.security.PublicKey; import java.io.ByteArrayInputStream; import java.io.IOException; diff --git a/scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyStore.java b/scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyStore.java index 394e657e59..ffb54b355a 100644 --- a/scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyStore.java +++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyStore.java @@ -27,20 +27,13 @@ package sonia.scm.security.gpg; import com.google.common.annotations.VisibleForTesting; import org.apache.shiro.SecurityUtils; import org.bouncycastle.openpgp.PGPException; -import sonia.scm.security.PublicKey; import sonia.scm.store.DataStore; import sonia.scm.store.DataStoreFactory; import javax.inject.Inject; import javax.inject.Singleton; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlRootElement; import java.io.IOException; import java.time.Instant; -import java.util.ArrayList; -import java.util.List; import java.util.Optional; import java.util.function.Supplier;